CVE-2019-3615

Published: Mar 12, 2019Modified: Nov 21, 2024

6.8

Vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 5.9

Source: NVD

Description

Data Leakage Attacks vulnerability in the web interface in McAfee Database Security prior to the 4.6.6 March 2019 update allows local users to expose passwords via incorrectly auto completing password fields in the admin browser login screen.

Affected (1)

Products: Mcafee: Database Security

Mcafee

1 product

Database Security

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mcafee Database Security	Up to 4.6.6

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://www.securityfocus.com/bid/107385

Source: trellixpsirt@trellix.com

https://kc.mcafee.com/corporate/index?page=content&id=SB10277

Source: trellixpsirt@trellix.com

http://www.securityfocus.com/bid/107385

Source: af854a3a-2127-422b-91ae-364da2661108

https://kc.mcafee.com/corporate/index?page=content&id=SB10277

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.